WO2011005815A2 - On-line membership verification - Google Patents

Info

Publication number
WO2011005815A2
Authority
WO
WIPO (PCT)
Prior art keywords
certificate
organization
public key
signed
offered
Prior art date
Application number
PCT/US2010/041140
Other languages
English (en)
French (fr)
Other versions
WO2011005815A3 (en)
Inventor
Robert S. Cahn
Original Assignee
Cahn Robert S
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cahn Robert S
Priority to JP2012519689A (patent JP5574511B2)
Priority to KR1020127003353A (patent KR101689419B1)
Priority to BR112012000277A (patent BR112012000277B1)
Priority to SG2011094604A (patent SG176937A1)
Priority to AU2010270673A (patent AU2010270673B2)
Priority to NZ597342A (patent NZ597342A)
Priority to CA2767418A (patent CA2767418C)
Publication of WO2011005815A2
Publication of WO2011005815A3
Priority to IL217283A (patent IL217283A0)

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements

Definitions

  • the present invention relates to a system and method of providing on-line verification of various credentials without requiring second site authentication.
  • a web site may include a link to another site that purports to "verify" the authenticity of the on-line retailer. By clicking on the link, a user (such as a potential customer) is re-directed to another web page displaying the "certificate" of the on-line retailer.
  • In general, these systems are referred to as "second site authentication" and have (undoubtedly) been found to be relatively easy to forge.
  • Domain names that are relatively similar to reputable "verification services" may be purchased by unscrupulous individuals who may then create 'fake' certificates and present them to unwary third parties looking for verification of a certain product or service. Simply put, good sites send you to other good sites for authentication, bad sites send you to other bad sites. Moreover, the proliferation of bad sites in the marketplace of second site authentication services remains problematic. While some browser add-ons may alert the user to "bad sites", this solution results in a race between the bad guys who create new bad sites, and the people who administer the add-ons and have the task of continually updating the identification of bad sites. Indeed, this approach is the same as the one used by parental control tools to warn of internet-based sexual material. Experience has thus shown that the race is never over, and there will always be ways to access untoward information.
  • the present invention relates to a system and method for providing verification of various credentials to an independent person without the need to utilize a "second site" to perform the verification.
  • a system and method that utilizes protocols and cryptography to assure customers (generally referred to hereinafter as "users") that they are dealing with a person (or organization) that can present multiple, non-repudiable proof of their identification.
  • the system is launched directly from the user's browser such that certificate verification is performed "locally", without needing to go out and obtain information from another (perhaps unscrupulous) web site.
  • An expiration date is preferably associated with each credential in order to ensure that the certificate is not “stale” and to create a fixed date upon which the certificate will expire.
  • the certificates provided by the system and method are difficult to forge or steal. While it is possible for a knowledgeable (i.e., computer-savvy) user to manually verify the authenticity of the certificate, the preferred embodiment of the inventive system is based upon the creation of a new MIME (i.e., Multipurpose Internet Mail Extensions) type that is employed by the user's browser and utilizes public keys associated with the credentialing organizations in combination with a public key of the verification organization.
  • the credentialing organization retains control of the certificate. It is further possible to allow multiple persons associated with the credentialing organization to sign-off on the credential, providing additional certainty that the certificate is genuine.
  • the system of the present invention is capable of including verification by other reputable, third-party verification services, thus providing multiple, separate levels of verification.
  • FIG. 1 illustrates an exemplary network arrangement for employing the on-line membership verification service of the present invention
  • FIG. 2 contains a flowchart illustrating an exemplary process for allowing an organization to subscribe to the on-line membership verification service
  • FIG. 3 shows an exemplary public key associated with an organization
  • FIG. 4 shows an exemplary private key associated with the on-line membership verification system and service of the present invention
  • FIG. 5 shows an exemplary "signed public key", that is the public key of FIG. 3 upon signature by the private key of FIG. 4;
  • FIG. 6 shows an original "membership certificate" created by an organization
  • FIG. 7 shows a signed version of the membership certificate of FIG. 6
  • FIG. 8 is an exemplary GUI of a certificate as expanded by the add-on and viewed by a user interested in validating a presented certificate
  • FIG. 9 contains a listing of the parameters used to control the validity tests associated with the certificate handler process
  • FIG. 10 is a flow chart of an exemplary process executed by the cert handler MIME type to check the authenticity of a presented "certificate"
  • FIG. 11 is an exemplary GUI created for an "invalid" certificate
  • FIG. 12 is a flow chart of an exemplary process associated with using an existing X.509 certificate in association with the on-line membership verification service of the present invention.
  • the on-line membership verification system 10 and method of the present invention is practiced within an environment including a web server 20 (for example, Apache) for storing public keys 16 and a web browser 30 (for example, Firefox) associated with a user attempting to verify an individual or organization 40.
  • a significant aspect of the working of the present invention is the creation and use of "signed keys" 18 - that is, public keys associated with organizations that have been verified and "signed off" by the inventive membership verification service.
  • the process is similar, but not limited to, the creation of an X.509 certificate.
  • These "signed" keys 18 are also stored in web server 20 and accessed, as needed, by the verification process of the present invention. The details of this procedure will be discussed in association with the following figures.
  • the first step in the inventive process is to install an add-on 15 for a user's web browser 30 that will execute a new MIME type handler (as described in detail below) that functions to download a current set of signed keys 18 onto the user's machine via web browser 30 and thereafter execute a process to determine the validity of a presented membership certificate.
  • web browser 30 first accesses a trusted source 50 of add-ons (such as, for example, the site run by Mozilla for Firefox) and downloads add-on 15, as well as a file containing a current set of signed public keys 18 from web server 20.
  • the add-on code will not change (except for bug fixes and upgrades), but the list of signed public keys 18 will be frequently updated as old keys expire and new organizations subscribe to the on-line membership verification service.
  • the install process is the same as that which is used for installing any add-on, and will include the registering of the new MIME type. The user's machine is now enabled to process certificates in an automated fashion.
  • Upon enablement, therefore, the user is able to verify a "certificate" that appears on a website of an individual or organization directly through his own browser 30 (without requiring access to 'second site' authentication). Every time the user starts his browser 30, add-on 15 is triggered and will search for an updated list of signed keys 18. Alternatively, the search for an updated list of signed keys 18 will be triggered by the first use of the add-on. If an updated list is found, it will be downloaded and installed on the user's machine in place of the previous version. Inasmuch as the keys will only be valid if signed by the on-line membership verification service, there is no concern about the injection of "false" keys.
  • FIG. 2 contains a flowchart of the steps associated with the process followed by an organization desiring to subscribe to the on-line membership verification service of the present invention.
  • the "organization" may be, for example, an educational institution (high school, college, medical school, law school, etc), a professional organization, a trade association, or any other group with whom an individual is associated.
  • the process is like that used by conventional Certification Authorities (CAs) to verify the identity of an organization, or that used by a commercial bank to verify an individual or organization prior to opening a bank account.
  • a first step 100 is shown as an organization initiating a request to subscribe to the on-line membership verification service offered in accordance with the present invention.
  • the organization is then requested to present verifying material to the on-line membership verification service (step 110).
  • the verifying material may include one or more items selected from, for example, Articles of Incorporation, notarized organizational papers, letters on company stationery including a corporate seal, references from other companies, etc.
  • the specific types of verifying material are not pertinent to the operation of the on-line membership service of the present invention.
  • the on-line membership verification service then proceeds, in step 120, to review the presented verifying material and either accept the organization and approve the subscription, or reject their invitation. This is an off-line process performed by the service. If the presented material cannot be verified, the request is denied (step 125).
  • the next step in the process (step 130) is for the verification service to launch a request for the organization's public key 16 to key server 20.
  • FIG. 3 illustrates an exemplary public key for a subscribed organization (in this case, Yale University).
  • the organization's public key 16 is then imported to on-line membership verification system 10 and signed by the online membership verification service with its own private key 17 (step 140).
  • An exemplary private key 17 associated with the on-line membership verification service is shown in FIG. 4 and a "signed" public key 18 is shown in FIG. 5.
  • Signed key 18 is re-exported to web server 20 (step 150) and added to the list of signed public keys.
  • the signature by the on-line membership verification service does not change the value of public key 16, as seen by comparing FIG. 3 to FIG. 5, but rather signifies that the initial public key 16 has been accepted by the on-line membership validation service as authentic.
  • the list of active keys will continue to grow.
  • the three necessary components of certificate 70 are: (1) the identity of the credentialing organization (contained between the <organization> and </organization> tags and shown on line A of certificate 70); (2) the website with which the requested certificate will be associated (shown as <website> on line B of certificate 70); and (3) the expiration date of the certificate (shown as <expires> on line C of certificate 70).
  • the other information included in exemplary certificate 70 of FIG. 6 is considered to be optional.
  • the created certificate 70 is then digitally signed by Yale with its private key, rendering a "signed certificate" 72 as shown in FIG. 7.
  • While a PGP signature is shown as associated with the private PGP key of Yale, any other suitable private key methodology may be used in accordance with the present invention to create a signed certificate 72.
  • Created certificate is stored in a file, in this specific example a file called: yale-cahn.cert.asc.
  • the MIME header is added.
  • One exemplary way of doing this uses the PHP language, where the following lines are added at the beginning of yale-cahn.cert.asc to produce yale-cahn.cert.asc.php:
  • This file is then forwarded to the requesting individual for inclusion in his web site.
  • the expiration date of the certificate itself may be different from the expiration date of the organization's original public key 16 (compare FIG. 3 - the expiration date of the certificate may be earlier, but not later than, the expiration date of the key). It is also important for signed certificate 72 to include an expiration date inasmuch as otherwise an "unending" certificate is created, where the credentialing organization then becomes hard-pressed to rescind or modify all outstanding certificates. That is, it may be possible that Yale (in this example) decides to issue more information in a future certificate, but without a certificate having an expiration date there may be multiple versions of the certificate floating around in the digital space of the internet.
  • a signed certificate 72 upon creation, is then included in the web site of the requesting individual (i.e., the authenticated member of the organization creating the certificate) and thereafter 'advertised' by the web site's owner (i.e., the "requesting individual") as available to confirm his/her authenticity.
  • some sites may include several such certificates, some associated with educational institutions (e.g., verifying degrees earned), professional associations (e.g., affirming member-in-good-standing of the AMA), civic associations (e.g., Rotarian of the Northeast Region), business groups (e.g., member of local BBB).
  • While a signed certificate 72 may be accessible by very sophisticated users (i.e., knowledgeable about PGP and GPG) in order to verify the signature, most people visiting an individual's web site and desiring to confirm the authenticity of one or more certificates need further assistance.
  • a MIME type (“certificate handler") has been created that allows for a signed certificate 72 to be opened and viewed by a user (i.e., a person visiting an individual's web site), where this MIME type is included in add-on 15 previously loaded onto the user's machine via web browser 30 as shown in FIG. 1 and discussed above.
  • An exemplary graphical user interface (GUI) associated with this certificate handler process is shown in FIG. 8.
  • the certificate handler performs four specific tasks: (1) writes out the certificate for non-repudiation (shown as section I in the GUI of FIG. 8); (2) writes out a locally-known (i.e., "secret") security phrase in a locally-chosen (i.e., "secret") color (shown as section II in the GUI of FIG. 8, where the shading in the drawing is intended to be indicative of the inclusion of color); and (3) writes out the results of the validity tests (shown as section III in the GUI of FIG. 8).
  • the details of this process are controlled by the parameters shown in FIG. 9, which shows the location where the add-on will store the certificate listed in step (1), above, as well as the secret phrase and locally-chosen color.
  • the secret phrase and locally-chosen color are used to avoid "playback attacks" and are local to the user's browser. Without this phrase, a bad website could simply provide a web page that looks like the verification page shown in FIG. 8. Therefore, unless the "secret phrase" - printed in the "secret color" - appears in the process of checking the certificate, the user will know that someone is trying to present a false certificate verification page to him.
  • the following steps outline the process performed by a user's web browser 30 when presented with a "certificate". At this point in time, the user has no idea whether or not the offered "certificate" shown on a web site being viewed is valid or invalid.
  • When add-on 15 receives a "certificate" from a web site being viewed by the user, a series of steps are performed as outlined in the flowchart of FIG. 10 to determine if the "certificate" is valid, or a forgery. As shown, the process begins at step 200 with receiving (from a web site being accessed) a certificate to be checked by add-on 15. Add-on 15 first checks (step 210) that the site specified by the <website> tag on the certificate matches the site from which the certificate was downloaded. If there is no match, the verification process fails. Indeed, this aspect of the process makes an authenticated certificate hard to steal and use on another web site.
  • Presuming the tag and offering website match, the process moves forward to step 220 and launches the partial certification handler to perform the remainder of the validity tests (if using a local application), or merely proceeds to execute the rest of the code, if that code is within add-on 15.
  • step 230 tests to see if the "current date" of the validity request is before or equal to the expiration date set by the <expires> tag on the offered "certificate". If it is determined that the "certificate" has expired, the process again fails.
  • FIG. 11 is a GUI of an exemplary screen that is presented to the user upon failure of the "certificate" to pass this step in the process, as shown on line D of the "certificate" of FIG. 11.
  • step 240 proceeds to determine if a related signing key - signed by the credentialing organization - is in the cache supplied to add-on 15 by web server 20. At this stage, there may be an optional step where add-on 15 will go out to server 20 to see if the set of signed keys 18 is current. Should there be an updated set of keys, they will first be downloaded and the check will proceed against the new set of keys. If a key is not found, then the process will stop and be defined as a failure.
  • signed key 18 is then checked (step 250) to determine if the signature is good (that is, the proper private key 18 is associated with the organization's public key 16) and that it has not expired (step 260). Lastly, the signed key is checked (step 270) to see if it has been signed by an unexpired key of the on-line membership verification service (see FIG. 5). If this last test is passed, the certificate is defined as "valid". Otherwise, the user is informed that the certificate is invalid; the user is thus "warned" that he may be dealing with an unscrupulous individual/source.
  • the above-described validity tests as outlined in FIG. 10 are used to ensure that an unexpired certificate from a proper (i.e., previously-authenticated) site has been downloaded. Only after each one of these tests has been passed is the certificate accepted as "valid". It is to be understood that the specific order of these tests is not fixed; for example, one may check the signature first and check the website at the end of the process.
  • the validation process of the present invention is carried out by add-on 15 associated with the user's browser and does not require the individual to be directed to any other site for verification (i.e., no "second site" is involved in the validation process).
  • the inclusion of expiration dates on the certificate, keys and signatures is considered to be useful in preventing 'stale' certificates from remaining in circulation.
  • third party security services may desire to become associated with the on-line membership verification service of the present invention, thus providing additional levels of authentication to a specific certificate.
  • the individual/organization is vetted by both the on-line membership verification service and any other associated third party security service, with the organization's public key then "signed" by each service.
  • the certificate handler program is modified in this case to look for and test the signatures offered by each service.
  • a different MIME type can be created specifically for handling multiple-signed keys.
  • the on-line membership verification service may be configured to "sign" each individual certificate created by a specific organization, rather than perform a one-time sign-off on the public key of that organization.
  • This embodiment may also be implemented in combination with the above-described multiple-signed keys, where the additional third party security service(s) may attest to only one or both of the signatures associated with the certificate.
  • Inasmuch as many organizations already have created and used X.509 certificates for other business purposes, they may desire to use these certificates in place of signed keys to create membership certificates in association with the present invention.
  • the on-line membership verification system and service of the present invention operates in a slightly different manner.
  • a presented X.509 certificate is itself signed with the private key of a known certificate authority.
  • the X.509 certificate can be signed by the on-line membership verification service and stored in a database 19 created for such files (i.e., "signed X.509 certificates").
  • the cert handler then follows the process as outlined in the flowchart of FIG. 12.
  • the cert handler will first look (step 300) for the proper X.509 certificate in database 19 created as noted above. If a certificate is not found (step 310), the process will exit and the user will be advised that no proper validation exists. Otherwise, the process continues by checking for a correct signature from the originating organization (320). If either the certificate is not found, or the signature is not proper, the process fails and the failure is reported to the individual attempting to validate the certificate.
  • the X.509 certificate is then parsed into its defined components (step 340) and the <organization> field of the "membership" certificate is checked (step 350) to see if it matches either the common name or organization listed on the X.509 certificate. If there is a mismatch, an error message is issued and the processing stops.
  • the "validity" fields are then checked at step 360 and if the current time is not between the "not before" and "not after", an error message is created and issued. Presuming the certificate is valid, the signature of the certificate is checked using the public key of the issuing Certificate Authority (CA) in step 370 and, finally, the public key and key type of the organization is read and used to check the signature of the on-line membership verification service of the present invention. If the signature is valid, then a "verified" membership certificate is reported (step 390); otherwise, an error is indicated.
  • the cert handler will still need to verify the <website> field against the URL of the page, or warn the individual reviewing the certificate to do so manually (as with GPG signatures).
  • a further extension of this service is in the area of verifying the education, work history, and other background of a job candidate.
  • the job candidate creates a web site that can only be accessed by a password.
  • When a prospective employer wants to check his or her background, he wishes to know that the prospective employee is not masquerading as someone else.
  • the job candidate asks the prospective employer for a user id, password pair that they wish to use.
  • the job seeker then enables the user id, password for his or her web site and when the prospective employer logs on he or she can be assured that the person they have spoken with is the person described by the certificates on the web site.
  • This password may be limited to one-time use or limited time use for purposes of maintaining confidentiality.
  • the present invention is associated with an on-line membership verification service and system whereby organizations certify the credentials of a member for a given web site associated with the member.
  • the service gives members the ability to provide their various organization affiliations to others using certificates signed by both the organization(s) and the on-line membership verification service provider.
  • the inventive service does not require that the organization divulge their secret keys to the service. Multiple signers may be required to sign a key, providing additional certainty that the certificate is genuine.
  • the inventive system includes code that is loaded onto client computers and that will be automatically invoked using the MIME handling mechanisms of browsers to check the validity of the certificate and, optionally, store the certificate on the local machine should some future problem arise.
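
The FIG. 10 validity tests (steps 210 through 270), sketched in Python as an added example; it is not code from the patent or its add-on. Assumptions: Lamport one-time signatures built from hashlib stand in for the PGP signatures so the sketch runs on the standard library alone, the <expires> value is an ISO date, and the signed-key record layout, function names and sample hosts are hypothetical.

```python
import hashlib
import re
import secrets
from datetime import date
from urllib.parse import urlsplit

# Lamport one-time signatures (stdlib only) stand in for the PGP signatures the
# page describes. Assumption of this sketch: each private key signs ONE message.
def h(data):
    return hashlib.sha256(data).digest()

def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(h(a), h(b)) for a, b in sk]

def bits(msg):
    digest = int.from_bytes(h(msg), "big")
    return [(digest >> i) & 1 for i in range(256)]

def sign(sk, msg):
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        h(sig[i]) == pk[i][b] for i, b in enumerate(bits(msg)))

def key_record_bytes(org, pk, expires):
    # Bytes the service signs for a "signed key" (layout is an assumption):
    # binding the name and expiry to the key stops a cached key being relabelled.
    flat = b"".join(a + b for a, b in pk)
    return org.encode() + b"\n" + expires.isoformat().encode() + b"\n" + flat

def tag(cert_text, name):
    m = re.search(rf"<{name}>(.*?)</{name}>", cert_text, re.S)
    return m.group(1).strip() if m else None

def host_of(value):
    # Compare parsed hostnames exactly; substring or prefix matching would
    # accept look-alike hosts such as "www.member.example.other.example".
    value = value if "//" in value else "//" + value
    return (urlsplit(value).hostname or "").lower().rstrip(".")

def parse_date(text):
    try:
        return date.fromisoformat(text or "")
    except ValueError:
        return None

def check_certificate(cert_text, cert_sig, origin_url, signed_keys, service_key, today):
    """Run the FIG. 10 tests in order; return (valid, reason)."""
    org = tag(cert_text, "organization")
    site = host_of(tag(cert_text, "website") or "")
    if not site or site != host_of(origin_url):                 # step 210
        return False, "website tag does not match offering site"
    expires = parse_date(tag(cert_text, "expires"))
    if expires is None or today > expires:                      # step 230
        return False, "certificate expired"
    record = signed_keys.get(org)                               # step 240
    if record is None:
        return False, "no signed key for organization"
    if not verify(record["pk"], cert_text.encode(), cert_sig):  # step 250
        return False, "bad organization signature"
    if today > record["expires"]:                               # step 260
        return False, "organization key expired"
    signed = key_record_bytes(org, record["pk"], record["expires"])
    if today > service_key["expires"] or not verify(            # step 270
            service_key["pk"], signed, record["service_sig"]):
        return False, "key not signed by an unexpired service key"
    return True, "valid"

def build_demo():
    """Constructed sample data: a service key, one signed org key, one certificate."""
    service_sk, service_pk = keygen()
    org_sk, org_pk = keygen()
    org, key_exp = "Example University", date(2031, 1, 1)
    record = {"pk": org_pk, "expires": key_exp,
              "service_sig": sign(service_sk, key_record_bytes(org, org_pk, key_exp))}
    cert = ("<organization>Example University</organization>\n"
            "<website>www.member.example</website>\n"
            "<expires>2030-01-01</expires>\n")
    return {"cert": cert, "sig": sign(org_sk, cert.encode()),
            "keys": {org: record},
            "service": {"pk": service_pk, "expires": date(2032, 1, 1)}}

if __name__ == "__main__":
    d = build_demo()
    print(check_certificate(d["cert"], d["sig"], "https://www.member.example/about",
                            d["keys"], d["service"], date(2025, 6, 1)))
```

Because the service signature in this sketch covers the organization name and key expiry as well as the key, a substituted entry in the local key cache fails at step 270 even when the certificate signature itself checks out.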

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)
  • Storage Device Security (AREA)
PCT/US2010/041140 2009-07-10 2010-07-07 On-line membership verification WO2011005815A2 (en)

Priority Applications (8)

Application Number Priority Date Filing Date Title
JP2012519689A JP5574511B2 (ja) 2009-07-10 2010-07-07 On-line membership verification
KR1020127003353A KR101689419B1 (ko) 2009-07-10 2010-07-07 On-line membership verification
BR112012000277A BR112012000277B1 (pt) 2009-07-10 2010-07-07 System for verifying certificates that appear on a website in order to certify a membership of the website owner with a particular organization, method of verifying an on-line membership certificate presented by a website owner, and method of initiating a subscription to an on-line membership verification service certificate for an organization
SG2011094604A SG176937A1 (en) 2009-07-10 2010-07-07 On-line membership verification
AU2010270673A AU2010270673B2 (en) 2009-07-10 2010-07-07 On-line membership verification
NZ597342A NZ597342A (en) 2009-07-10 2010-07-07 Verifying certificates appearing on a website purporting to certify a membership of the web site owner with a particular organisation
CA2767418A CA2767418C (en) 2009-07-10 2010-07-07 On-line membership verification
IL217283A IL217283A0 (en) 2009-07-10 2011-12-29 On-line membership verification

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US27057409P 2009-07-10 2009-07-10
US61/270,574 2009-07-10
US12/829,550 2010-07-02
US12/829,550 US8275991B2 (en) 2009-07-10 2010-07-02 On-line membership verification

Publications (2)

Publication Number Publication Date
WO2011005815A2 WO2011005815A2 (en) 2011-01-13
WO2011005815A3 WO2011005815A3 (en) 2011-03-31

Family

ID=43428359

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2010/041140 WO2011005815A2 (en) 2009-07-10 2010-07-07 On-line membership verification

Country Status (10)

Country Link
US (1) US8275991B2 (ko)
JP (1) JP5574511B2 (ko)
KR (1) KR101689419B1 (ko)
AU (1) AU2010270673B2 (ko)
BR (1) BR112012000277B1 (ko)
CA (1) CA2767418C (ko)
IL (1) IL217283A0 (ko)
NZ (1) NZ597342A (ko)
SG (1) SG176937A1 (ko)
WO (1) WO2011005815A2 (ko)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8789163B2 (en) * 2011-02-20 2014-07-22 Robert S. Cahn On-line membership verification utilizing an associated organization certificate
CA2831617C (en) 2011-04-01 2018-06-26 Clawd Technologies Inc. System, method, server and computer-readable medium for real-time verification of a status of a member of an organization
US9225690B1 (en) * 2011-12-06 2015-12-29 Amazon Technologies, Inc. Browser security module
US9882713B1 (en) 2013-01-30 2018-01-30 vIPtela Inc. Method and system for key generation, distribution and management
KR101408968B1 (ko) * 2013-03-18 2014-06-18 박수연 Authentication system with enhanced security for access to accredited certificates and method thereof
US10380216B2 (en) 2013-07-08 2019-08-13 Rakuten, Inc. Server, client terminal, service method, and program
US10142254B1 (en) 2013-09-16 2018-11-27 Cisco Technology, Inc. Service chaining based on labels in control and forwarding
US9467478B1 (en) 2013-12-18 2016-10-11 vIPtela Inc. Overlay management protocol for secure routing based on an overlay network
US9641516B2 (en) 2015-07-01 2017-05-02 International Business Machines Corporation Using resource records for digital certificate validation
US9980303B2 (en) 2015-12-18 2018-05-22 Cisco Technology, Inc. Establishing a private network using multi-uplink capable network devices
US10523447B2 (en) * 2016-02-26 2019-12-31 Apple Inc. Obtaining and using time information on a secure element (SE)
US10680833B2 (en) 2016-02-26 2020-06-09 Apple Inc. Obtaining and using time information on a secure element (SE)
US10630490B2 (en) 2016-02-26 2020-04-21 Apple Inc. Obtaining and using time information on a secure element (SE)
US10305693B2 (en) 2016-11-03 2019-05-28 International Business Machines Corporation Anonymous secure socket layer certificate verification in a trusted group
US10841294B2 (en) * 2017-07-09 2020-11-17 Abdullah Rashid Alsaifi Certification system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040078564A1 (en) * 2000-03-20 2004-04-22 Melih Abdulhayoglu Hallmarking verification process and system and corresponding method of and system for communication
US6754829B1 (en) * 1999-12-14 2004-06-22 Intel Corporation Certificate-based authentication system for heterogeneous environments
US20060059332A1 (en) * 2004-09-02 2006-03-16 Research In Motion Limited System and method for searching and retrieving certificates
US20060277592A1 (en) * 2005-06-01 2006-12-07 Research In Motion Limited System and method for determining a security encoding to be applied to outgoing messages

Family Cites Families (24)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6162060A (en) 1991-08-09 2000-12-19 Texas Instruments Incorporated System and method for the delivery, authoring, and management of courseware over a computer network
US6035402A (en) 1996-12-20 2000-03-07 Gte Cybertrust Solutions Incorporated Virtual certificate authority
US6553493B1 (en) 1998-04-28 2003-04-22 Verisign, Inc. Secure mapping and aliasing of private keys used in public key cryptography
US7263491B1 (en) 1998-12-31 2007-08-28 Credentials Inc. On-line degree and current enrollment verification system and method
US6714944B1 (en) 1999-11-30 2004-03-30 Verivita Llc System and method for authenticating and registering personal background data
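JP4070413B2 (ja) * 2001-02-22 2008-04-02 Ricoh Co., Ltd. Electronic transaction apparatus, method, and electronic transaction system
JP2002287630A (ja) * 2001-03-28 2002-10-04 Hitachi Ltd Method for revoking electronic certificates
JP3773807B2 (ja) * 2001-05-31 2006-05-10 Mizuho Bank, Ltd. Financial transaction method and financial transaction program
JP2003016311A (ja) * 2001-07-02 2003-01-17 Ricoh Co Ltd Electronic transaction system, program, and recording medium
JP2003085355A (ja) * 2001-09-12 2003-03-20 Nec Corp Corporate control support system, shareholders' meeting information processing apparatus, shareholder rights exercise support server, corporate control support method, and control program
US7383232B2 (en) 2001-10-24 2008-06-03 Capital Confirmation, Inc. Systems, methods and computer program products facilitating automated confirmations and third-party verifications
JP2003169051A (ja) * 2001-11-29 2003-06-13 Shachihata Inc Electronic seal system
JP2003177949A (ja) * 2001-12-07 2003-06-27 Casio Comput Co Ltd Information processing system and program
JP3961309B2 (ja) * 2002-02-13 2007-08-22 Mitsubishi Electric Corporation Public key server
JP2003256651A (ja) * 2002-03-06 2003-09-12 Shinkin Central Bank Authentication service method for application data
KR20050018982A (ko) * 2002-07-10 2005-02-28 General Instrument Corporation Method of preventing unauthorized distribution and use of electronic keys using a key seed
JP3894181B2 (ja) 2003-10-10 2007-03-14 Hitachi, Ltd. Method and apparatus for accelerating public key certificate verification
JP2005157617A (ja) * 2003-11-25 2005-06-16 Fujitsu Support & Service Kk Examination eligibility determination method, examination eligibility determination system, and examination eligibility determination program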
US7370202B2 (en) * 2004-11-02 2008-05-06 Voltage Security, Inc. Security device for cryptographic communications
US7900247B2 (en) * 2005-03-14 2011-03-01 Microsoft Corporation Trusted third party authentication for web services
US7493403B2 (en) * 2006-03-13 2009-02-17 Markmonitor Inc. Domain name ownership validation
JP4919335B2 (ja) * 2006-08-04 2012-04-18 Ricoh Co., Ltd. Security print processing apparatus
US8086632B2 (en) 2008-01-07 2011-12-27 International Business Machines Corporation Credential management
US8220040B2 (en) * 2008-01-08 2012-07-10 International Business Machines Corporation Verifying that group membership requirements are met by users

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6754829B1 (en) * 1999-12-14 2004-06-22 Intel Corporation Certificate-based authentication system for heterogeneous environments
US20040078564A1 (en) * 2000-03-20 2004-04-22 Melih Abdulhayoglu Hallmarking verification process and system and corresponding method of and system for communication
US20060059332A1 (en) * 2004-09-02 2006-03-16 Research In Motion Limited System and method for searching and retrieving certificates
US20060277592A1 (en) * 2005-06-01 2006-12-07 Research In Motion Limited System and method for determining a security encoding to be applied to outgoing messages

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
ELLIOTTE RUSTY HAROLD: 'Managing XML data: Identify XML documents File extensions and MIME types' IBM DEVELOPERWORKS ARTICLE, [Online] 29 April 2005, Retrieved from the Internet: <URL:http://www.ibm.com/developerworks/xml/library/x-mxd2.htm1> *

Also Published As

Publication number Publication date
WO2011005815A3 (en) 2011-03-31
AU2010270673B2 (en) 2015-01-22
CA2767418A1 (en) 2011-01-13
BR112012000277A2 (pt) 2016-02-23
BR112012000277B1 (pt) 2020-02-04
SG176937A1 (en) 2012-01-30
US20110010553A1 (en) 2011-01-13
JP2012533223A (ja) 2012-12-20
JP5574511B2 (ja) 2014-08-20
US8275991B2 (en) 2012-09-25
IL217283A0 (en) 2012-02-29
CA2767418C (en) 2016-06-07
KR20120089232A (ko) 2012-08-09
NZ597342A (en) 2013-05-31
KR101689419B1 (ko) 2016-12-23
AU2010270673A1 (en) 2012-01-19

Similar Documents

Publication Publication Date Title
CA2767418C (en) On-line membership verification
CN111213350B (zh) System and method for creating decentralized identifiers
US8789163B2 (en) On-line membership verification utilizing an associated organization certificate
EP1436938B1 (en) Method for automated identification, processing and issuance of digital certificates
US9521138B2 (en) System for domain control validation
US20030172296A1 (en) Method and system for maintaining secure access to web server services using permissions delegated via electronic messaging systems
US20140259132A1 (en) System for creating a security certificate
Heiss et al. Non-disclosing credential on-chaining for blockchain-based decentralized applications
US20080209218A1 (en) Methods and systems for providing independent verification of information in a public forum
US20030172298A1 (en) Method and system for maintaining secure access to web server services using server-delegated permissions
US20030172299A1 (en) Method and system for maintaining secure access to web server services using permissions
US20030172297A1 (en) Method and system for maintaining secure access to web server services using public keys
US20140259131A1 (en) Method for creating a security certificate
WO2003077130A9 (en) Method and system for maintaining secure access to web server services
Pericàs-Gornals et al. Rejectable soulbound tokens for credentials assignment and acceptance of terms
JP2003122718A (ja) Authentication system and authentication method
NZ613951B2 (en) On-line membership verification utilizing an associated organization certificate
Cordova Morales et al. Enhancing the Acme Protocol to Automate the Management of All X. 509 Web Certificates (Extended Version)
Guidance Federal Identity, Credential, and Access Management Trust Framework Solutions
Steinbrecher et al. FIDIS

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 10797756

Country of ref document: EP

Kind code of ref document: A2

WWE Wipo information: entry into national phase

Ref document number: 2010270673

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: 2012519689

Country of ref document: JP

Ref document number: 2767418

Country of ref document: CA

NENP Non-entry into the national phase

Ref country code: DE

ENP Entry into the national phase

Ref document number: 2010270673

Country of ref document: AU

Date of ref document: 20100707

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 1179/CHENP/2012

Country of ref document: IN

ENP Entry into the national phase

Ref document number: 20127003353

Country of ref document: KR

Kind code of ref document: A

REG Reference to national code

Ref country code: BR

Ref legal event code: B01A

Ref document number: 112012000277

Country of ref document: BR

Kind code of ref document: A2

122 Ep: pct application non-entry in european phase

Ref document number: 10797756

Country of ref document: EP

Kind code of ref document: A2

ENP Entry into the national phase

Ref document number: 112012000277

Country of ref document: BR

Kind code of ref document: A2

Effective date: 20120105